URLhaus Database
Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).
Database Entry
IP addresses
The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.
| Firstseen (UTC) | IP address | Hostname | SBL | ASN | Country | Active? |
|---|---|---|---|---|---|---|
| 2025-01-15 17:36:05 | 104.21.5.99 | Not listed | AS13335 CLOUDFLARENET | n/a | no | |
| 2025-01-15 17:36:05 | 172.67.133.70 | Not listed | AS13335 CLOUDFLARENET | n/a | no |
Malware URLs
The table below shows all malware URLs that are associated with this particular host.
| Dateadded (UTC) | URL | Status | Tags | Reporter |
|---|---|---|---|---|
| 2025-03-10 19:17:07 | https://weixe.ir/html/po.exe | Offline | exe Formbook  |  abuse_ch |
| 2025-02-10 19:19:06 | https://weixe.ir/txt/rhLWwl4GaRtMLe7.exe | Offline | exe Formbook | abuse_ch |
| 2025-02-10 14:16:04 | https://weixe.ir/txt/CYcePCNCH4aNtQj.exe | Offline | exe MassLogger SnakeKeylogger |  James_inthe_box |
| 2025-02-07 20:12:22 | https://weixe.ir/txt/KKOuMJFtZD7ouhw.exe | Offline | exe MassLogger VIPKeylogger | abuse_ch |
| 2025-02-05 07:26:03 | https://weixe.ir/txt/MKVWXpQVI3hLpenD.exe | Offline | exe | abuse_ch |
| 2025-01-31 07:08:04 | https://weixe.ir/txt/RW1EbLWSWWfWZzX.exe | Offline | exe Loki | abuse_ch |
| 2025-01-28 13:04:04 | https://weixe.ir/txt/89oQilINVVAhwigj7.exe | Offline | exe RemcosRAT |  NDA0E |
| 2025-01-17 11:42:10 | https://weixe.ir/txt/NEWORDER.exe | Offline | exe MassLogger SnakeKeylogger | NDA0E |
| 2025-01-16 07:32:11 | https://weixe.ir/txt/dSoQilINVVAhwi2.exe | Offline | exe rat RemcosRAT | abuse_ch |
| 2025-01-15 17:36:05 | https://weixe.ir/txt/NJilhB1xaRKltAX.exe | Offline | exe Loki | abuse_ch |
The table below shows recent payloads delivery by this host.
| Firstseen (UTC) | SHA256 hash | File type | Bazaar | Signature |
|---|---|---|---|---|
| 2025-03-10 19:17:07 | efc12adbd390616dd57c56b361c170b38bb47172f0453ce3fb6676483f0fd215 | exe | Formbook | |
| 2025-02-10 19:28:53 | dfd501f607b0d8b7c59ad977a43e0d4985ad8e279a5ec5c9f61acfc57c1b44da | exe | MassLogger | |
| 2025-02-10 19:19:06 | 62bacfd17d10d4dae8dd039b5b2c577b382e1aa21357e68d4e49505b2b05b7aa | exe | Formbook | |
| 2025-02-10 14:16:04 | 2a1b2e65014eff8d6898cb69bdbfd860aa7a71092b87c744dffb4c0620865a51 | exe | MassLogger | |
| 2025-01-31 07:08:04 | 3e749119035a974ae811508340b26b503fc9d34a4992a4aacf1d8c3fee009b2f | exe | Loki | |
| 2025-01-28 13:04:04 | b5bc975891963c29a16fe8ac7dd612f15afe937fd14ba95707a6ab30224bfc7a | exe | RemcosRAT | |
| 2025-01-17 11:42:10 | e3140471b8e10e218754105e8fe4305bd7045f0f1da7eee586b07e5cfe4206b5 | exe | MassLogger | |
| 2025-01-16 07:32:11 | 1c80bf8e780ae58203e7f816c8fe04f66df434a3fbd981ba7c6e52e588622c03 | exe | RemcosRAT | |
| 2025-01-15 17:36:05 | ddb5e23628ee7ec31f19fd22b9183896d27f5dca982a9e68a189dd32c3fc42b0 | exe | Loki |